Privacy Policy
easybits GmbH · Privacy Policy · Version 2.0 · Effective: 17 March 2026 (Deutsch Version)
This Privacy Policy explains how easybits GmbH ("easybits", "we", "us") collects, uses, and protects personal data when you use our data extraction service at https://extractor.easybits.tech (the "Service"). We process your data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Data Controller
easybits GmbH
Choriner Str. 83
10119 Berlin, Germany
Managing Director: Terence Hielscher
Email: support@easybits.tech
Phone: +49 (0)30 27596400
Website: https://easybits.tech
2. Data Protection Officer
Bernd Schulz
F1 Gesellschaft für Informationstechnologien und Managementberatung mbH
Mädewalder Weg 2, 12621 Berlin, Germany
Email: Datenschutz@f1-gmbh.de
For all data protection enquiries, please contact the Data Protection Officer at the address above.
3. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for easybits is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219, 10969 Berlin
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
4. Data We Collect and Why
We collect and process the following categories of personal data:
| Category | Details & Purpose |
|---|---|
| Account data | Name and email address collected when you register. Used to provide and manage your account. Legal basis: Art. 6(1)(b) GDPR (contract performance). |
| Payment data | Billing address and payment method details processed by our payment provider Stripe. We do not store full card details. Legal basis: Art. 6(1)(b) GDPR. |
| Usage data | IP address, device type, browser, timestamps, and usage logs collected automatically. Used to operate, secure, and improve the Service. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). |
| Uploaded content | Documents and files you upload for extraction. Processed solely to provide the extraction Service. Legal basis: Art. 6(1)(b) GDPR. Deleted within 14 days of account closure. |
| Communications | Emails or support messages you send us. Used to respond to your enquiries. Legal basis: Art. 6(1)(b) GDPR. |
5. Retention Periods
We retain personal data only as long as necessary for the purposes described above or as required by law:
- Account and usage data: retained for the duration of your account, then deleted or anonymised within 30 days of account closure.
- Uploaded documents and extracted data: deleted within 14 days of account closure or subscription end.
- Payment records: retained for 10 years as required by German tax law (§ 147 AO).
- Support communications: retained for 3 years.
- Inactive accounts: anonymised after 12 months of inactivity.
6. Payment Processing — Stripe
We use Stripe, Inc. and its affiliate Stripe Payments Europe, Limited ("Stripe") as our payment processor. When you subscribe to a paid plan, your payment data is transmitted to and processed by Stripe in accordance with Stripe’s Privacy Policy (https://stripe.com/privacy). Stripe is certified to PCI DSS Level 1 and acts as a data processor under a Data Processing Agreement with us in accordance with Art. 28 GDPR. easybits does not store your full card details.
7. Third-Party Service Providers (Subprocessors)
To operate the Service, we share data with the following subprocessors under GDPR-compliant Data Processing Agreements. All transfers outside the EEA are covered by EU Standard Contractual Clauses (SCCs) or an adequacy decision.
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA / Ireland — SCCs |
| Amazon Web Services (AWS) | Cloud hosting & storage | Frankfurt, Germany (EU) |
| Google (Gemini, Analytics) | AI extraction, analytics | USA — SCCs |
| Hugging Face | AI model infrastructure | USA — SCCs |
| Intercom | Customer support chat | USA — SCCs |
| Mailjet | Transactional email | France (EU) |
| Sentry | Error monitoring | USA — SCCs |
| LogRocket | Session replay & analytics | USA — SCCs |
| Leadfeeder | B2B lead tracking | Finland (EU) |
| New Relic | Performance monitoring | USA — SCCs |
| Redis Labs | Caching / session storage | USA — SCCs |
| Slack | Internal team notifications | USA — SCCs |
Note: We no longer use MongoDB/mLab or Telegram for personal data processing. If you have questions about a specific subprocessor, contact our DPO.
8. Cookies
We use cookies and similar technologies on our website. You can manage your preferences via the Cookie Settings link in the website footer.
Essential cookies: Required for the basic operation of the site (session management, security). Cannot be disabled. Legal basis: Art. 6(1)(b) GDPR.
Analytics cookies: Google Analytics — used to understand how users interact with the site. Data is anonymised. Legal basis: Art. 6(1)(a) GDPR (consent).
Marketing/tracking cookies: Leadfeeder — tracks visits to identify potential business leads. Legal basis: Art. 6(1)(a) GDPR (consent).
You may withdraw your consent at any time via the Cookie Settings link.
9. Your Rights (Art. 15–21 GDPR)
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR) — obtain a copy of the personal data we hold about you.
- Right to rectification (Art. 16 GDPR) — correct inaccurate or incomplete data.
- Right to erasure / “right to be forgotten” (Art. 17 GDPR) — request deletion of your data.
- Right to restriction of processing (Art. 18 GDPR) — limit how we use your data.
- Right to data portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format (JSON export available in-app).
- Right to object (Art. 21 GDPR) — object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3) GDPR) — withdraw any consent you have given at any time.
- Right to lodge a complaint — with the Berlin Commissioner for Data Protection (see Section 3).
To exercise any of these rights, contact our Data Protection Officer at Datenschutz@f1-gmbh.de. We will respond within one month (Art. 12 GDPR).
10. Data Security
We implement appropriate technical and organisational measures (TOMs) to protect your personal data in accordance with Art. 32 GDPR, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access controls and least-privilege principles.
- Regular backups, system monitoring, and penetration testing.
- All employees and contractors are subject to confidentiality obligations.
- All subprocessors are vetted and operate under GDPR-compliant DPAs.
11. International Data Transfers
Some of our subprocessors are located outside the European Economic Area (EEA), primarily in the USA. All such transfers are covered by appropriate safeguards under Art. 46 GDPR, specifically EU Standard Contractual Clauses (SCCs) adopted by the European Commission. A copy of the applicable SCCs is available on request from our DPO.
All primary data hosting takes place on AWS servers in Frankfurt, Germany.
12. Children's Data
The Service is not directed at persons under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that such data has been collected, we will delete it without delay.
13. Changes to This Privacy Policy
We may update this Privacy Policy as our services evolve or legal requirements change. We will notify you of material changes by email or via an in-app notice. Previous versions are available at https://easybits.tech/pages/legal/. This version supersedes all previous versions.
easybits GmbH · Choriner Str. 83, 10119 Berlin · support@easybits.tech · https://easybits.tech · Version 2.0 — 17 March 2026
We use cookies